General
-
Target
0eee871554d41113a7581448776f77e4_JaffaCakes118
-
Size
930KB
-
Sample
240328-ywapyafd4w
-
MD5
0eee871554d41113a7581448776f77e4
-
SHA1
1da2a651455c120b9aa1580af5ab17a5d0e6e81a
-
SHA256
27f40f6895f42d0a93a06dbcb4ed97ad4c4bb96889494d6749e0f07e0fd39f6f
-
SHA512
e8abc8611671fa3c5c3daee3bcb15b7e5d8dccff31b5308cb1b4179d4905d1ad672b06e68771b13bb5bac6b752236e28d6cc507a30e700883b65af7d4466e2c9
-
SSDEEP
24576:qgkBsiGxe4WPUinUuUS+ndSP/J8ffr7uOJV4b:gBQP7jS+dS2fzyOJV4b
Static task
static1
Behavioral task
behavioral1
Sample
0eee871554d41113a7581448776f77e4_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
0eee871554d41113a7581448776f77e4_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.privateemail.com - Port:
587 - Username:
ken@kengrouco.xyz - Password:
Everest10
Targets
-
-
Target
0eee871554d41113a7581448776f77e4_JaffaCakes118
-
Size
930KB
-
MD5
0eee871554d41113a7581448776f77e4
-
SHA1
1da2a651455c120b9aa1580af5ab17a5d0e6e81a
-
SHA256
27f40f6895f42d0a93a06dbcb4ed97ad4c4bb96889494d6749e0f07e0fd39f6f
-
SHA512
e8abc8611671fa3c5c3daee3bcb15b7e5d8dccff31b5308cb1b4179d4905d1ad672b06e68771b13bb5bac6b752236e28d6cc507a30e700883b65af7d4466e2c9
-
SSDEEP
24576:qgkBsiGxe4WPUinUuUS+ndSP/J8ffr7uOJV4b:gBQP7jS+dS2fzyOJV4b
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-